<?php
session_start();
//include("includes/checklogged.php");
include("includes/hash.php");
include("includes/mysql_connect.inc.php");
//==============================================================================================================================================
if (isset ($_POST["ac"]))
{
																	//echo 'AC is set...';
   if ($_POST["ac"]=="log") { 										/// do after login form is submitted
      if (validateOK())    											//echo 'LOG is set...';
      { 
          header('Location: index.php');							//echo 'OK...';
          $_SESSION["logged"]=$_POST["username"];					//header('HTTP/1.1 301 Moved Permanently');
          exit;
      }
      else
      {
          showlogin();												//echo 'NOT OK...';
      };
   };
}
else
{
   $errmsg='';														//echo 'SHOW LOGIN...';
   showlogin();
};
//==============================================================================================================================================
function validateOK()
{
   //echo 'validate ok start';
   global $link;
   global $errmsg;

   if (strlen($_POST["username"]) == 0)
   {
      $errmsg = "Please enter user name.";
      return(false);
   }
   if (strlen($_POST["password"]) == 0)
   {
      $errmsg = "Please enter password.";
      return(false);
   }
   $result=mysql_query("select * from userlist where User_Name='".addslashes($_POST["username"])."'",$link);
   //print "select * from Users where UserLogin='".addslashes($_POST["username"])."'";
   //echo 'check results';
   if (!$result)
   {
      //die("Mysql DB error...");
      die(mysql_error());
      return(false);
   }
   //echo 'check rows';
   if (mysql_num_rows($result) == 0)
   {
      $errmsg = "User not valid...";
      return(false);
   }
 
   $data = mysql_fetch_array($result, MYSQL_ASSOC);
   //echo 'fetch rows';
   #$data=mysql_fetch_array($result,MYSQL_ASSOC);
   //print "password from sql : ".$data["Password"];
   //echo 'password 1';
   //print "password from web : "($_POST["password"]);
   //echo 'password 2';
   if ($data["Password"] != ($_POST["password"]))
   {
     // echo 'password not ok';
      $errmsg = "Password not valid...";
      return(false);
   }
   //echo 'validate ok exit';
   return(true);
}
//==============================================================================================================================================
function showlogin()
{
   global $errmsg;
   $username = '';
   $password = '';
   
   if (isset ($_POST["username"]))
   {
      $username=$_POST["username"];
   }
    if (isset ($_POST["password"]))
   {
      $password=$_POST["password"];
   }

   $formlogin  = '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
   $formlogin .= '<font color=red>'.$errmsg.'<br><br><br></font>';
   $formlogin .= '<font >UserName&nbsp;: <input type="text" name="username" size="25" value="'.$username.'"/><br />';
   $formlogin .= '<font >Password&nbsp;&nbsp;&nbsp;: <input type="password" name="password" size="25" value="'.$password.'"/><br /><br><br>';
   $formlogin .= '<input type="submit" value="Login" />';
   $formlogin .= '</form>';
   
   include('includes/header2.php');
   include('includes/nav2.php');
   print '<div id="content">';
   print $formlogin;
   print '</div> <!-- end #content -->';
   include('includes/sidebar2.php');
   include('includes/footer.php');
}
//ob_flush();
//==============================================================================================================================================
?>
<?php mysql_close($link); ?>

